httplib2 raises ValueError while parsing WWW-Authenticate header from Facebook API

[GoogleCodeExporter]

I’m trying to authenticate against Facebook API with invalid token (I need 
this for testing). httplib2 raises ValueError while parsing WWW-Authenticate 
header in response from Facebook.

Code to reproduce:

import httplib2
http = httplib2.Http()
headers = {'Authorization': 'OAuth invalid-token'}
response, content = http.request('https://graph.facebook.com/me', 
headers=headers)

I guess that httplib2’s _parse_www_authenticate progressively splits 
header’s value ('OAuth "Facebook Platform" "invalid_token" "Invalid OAuth 
access token."') without considering double quotes.

Original issue reported on code.google.com by vold...@voldmar.com on 3 Nov 2010 at 4:57

[GoogleCodeExporter]

This issue was closed by revision 6d24bff225.

Original comment by joe.gregorio@gmail.com on 14 Feb 2011 at 3:45

• Changed state: Fixed

[GoogleCodeExporter]

That isn't even remotely close to a valid WWW-Authenticate header. I now catch 
such monstrosities and throw a MalformedHeader exception.

Original comment by joe.gregorio@gmail.com on 14 Feb 2011 at 3:46

[GoogleCodeExporter]

Issue 68 has been merged into this issue.

Original comment by joe.gregorio@gmail.com on 15 Feb 2011 at 4:46

[GoogleCodeExporter]

Given the header "WWW-Authenticate: Basic" with no realm,

(auth_scheme, the_rest) = authenticate.split(" ", 1)

tries to split "Basic" and throws a ValueError. It would be nice if we instead 
ignored the fact that no realm was given.

Original comment by lurayl on 28 Mar 2012 at 1:55

[GoogleCodeExporter]

I am also attempting to use httplib2 against a server that sends:

   WWW-Authenticate: Basic

and I am also getting the MalformedHeader.

Unlike the Facebook header, this one is close to a valid WWW-Authenticate 
header, and is apparently common.

Original comment by marty@backshore.com on 19 Sep 2013 at 6:31